From 8fbcc4391ef8ea178520f2e15c07a505621244a6 Mon Sep 17 00:00:00 2001 From: Julien Boeuf Date: Thu, 15 Jan 2015 16:44:13 -0800 Subject: Changing the SSL (Server) Credentials API. - Changed the unsigned char * + size to NULL terminated strings which makes sense for the PEM format. I may change TSI later (but the impact will hopefully be much more limited). - Added a way to pass multiple key/cert pairs to servers which is needed when hosting more than one domain. - Removed the C++ SSL credentials tests as we are going to have an option to not specify the roots which will then be derived from the environment (well-known platform dependent locations and/or environment variable). - Fixed the php build which is the only one added in the run_test.py. This change will certainly break node, python and ruby. --- include/grpc++/server_credentials.h | 8 +- include/grpc/grpc_security.h | 56 +++++----- src/core/security/credentials.c | 113 +++++++++++++++------ src/core/security/credentials.h | 13 ++- src/core/security/security_context.c | 19 ++-- src/core/security/security_context.h | 2 +- src/cpp/client/credentials.cc | 22 +--- src/cpp/server/server_credentials.cc | 23 ++--- src/php/ext/grpc/credentials.c | 13 ++- src/php/ext/grpc/server_credentials.c | 14 ++- test/core/end2end/data/prod_roots_certs.c | 5 +- test/core/end2end/data/server1_cert.c | 5 +- test/core/end2end/data/server1_key.c | 5 +- test/core/end2end/data/ssl_test_data.h | 12 +-- test/core/end2end/data/test_root_cert.c | 5 +- .../end2end/fixtures/chttp2_simple_ssl_fullstack.c | 11 +- .../chttp2_simple_ssl_with_oauth2_fullstack.c | 10 +- test/core/fling/server.c | 7 +- test/core/security/credentials_test.c | 10 +- test/cpp/client/credentials_test.cc | 9 -- test/cpp/interop/server.cc | 6 +- test/cpp/util/create_test_channel.cc | 7 +- 22 files changed, 191 insertions(+), 184 deletions(-) diff --git a/include/grpc++/server_credentials.h b/include/grpc++/server_credentials.h index cf08870f42..91504ae0ae 100644 --- a/include/grpc++/server_credentials.h +++ b/include/grpc++/server_credentials.h @@ -35,6 +35,7 @@ #define __GRPCPP_SERVER_CREDENTIALS_H_ #include +#include #include @@ -60,9 +61,12 @@ class ServerCredentials final { // Options to create ServerCredentials with SSL struct SslServerCredentialsOptions { + struct PemKeyCertPair{ + grpc::string private_key; + grpc::string cert_chain; + }; grpc::string pem_root_certs; - grpc::string pem_private_key; - grpc::string pem_cert_chain; + std::vector pem_key_cert_pairs; }; // Factory for building different types of ServerCredentials diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h index 644b31f763..440aa9b563 100644 --- a/include/grpc/grpc_security.h +++ b/include/grpc/grpc_security.h @@ -54,22 +54,26 @@ void grpc_credentials_release(grpc_credentials *creds); /* Creates default credentials. */ grpc_credentials *grpc_default_credentials_create(void); +/* Object that holds a private key / certificate chain pair in PEM format. */ +typedef struct { + /* private_key is the NULL-terminated string containing the PEM encoding of + the client's private key. */ + const char *private_key; + + /* cert_chain is the NULL-terminated string containing the PEM encoding of + the client's certificate chain. */ + const char *cert_chain; +} grpc_ssl_pem_key_cert_pair; + /* Creates an SSL credentials object. - - pem_roots_cert is the buffer containing the PEM encoding of the server - root certificates. This parameter cannot be NULL. - - pem_roots_cert_size is the size of the associated buffer. - - pem_private_key is the buffer containing the PEM encoding of the client's - private key. This parameter can be NULL if the client does not have a - private key. - - pem_private_key_size is the size of the associated buffer. - - pem_cert_chain is the buffer containing the PEM encoding of the client's - certificate chain. This parameter can be NULL if the client does not have - a certificate chain. - - pem_cert_chain_size is the size of the associated buffer. */ + - pem_roots_cert is the NULL-terminated string containing the PEM encoding + of the server root certificates. If this parameter is NULL, the default + roots will be used. + - pem_key_cert_pair is a pointer on the object containing client's private + key and certificate chain. This parameter can be NULL if the client does + not have such a key/cert pair. */ grpc_credentials *grpc_ssl_credentials_create( - const unsigned char *pem_root_certs, size_t pem_root_certs_size, - const unsigned char *pem_private_key, size_t pem_private_key_size, - const unsigned char *pem_cert_chain, size_t pem_cert_chain_size); + const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair); /* Creates a composite credentials object. */ grpc_credentials *grpc_composite_credentials_create(grpc_credentials *creds1, @@ -130,22 +134,16 @@ typedef struct grpc_server_credentials grpc_server_credentials; void grpc_server_credentials_release(grpc_server_credentials *creds); /* Creates an SSL server_credentials object. - TODO(jboeuf): Change the constructor so that it can support multiple - key/cert pairs. - - pem_roots_cert is the buffer containing the PEM encoding of the server - root certificates. This parameter may be NULL if the server does not want - the client to be authenticated with SSL. - - pem_roots_cert_size is the size of the associated buffer. - - pem_private_key is the buffer containing the PEM encoding of the client's - private key. This parameter cannot be NULL. - - pem_private_key_size is the size of the associated buffer. - - pem_cert_chain is the buffer containing the PEM encoding of the client's - certificate chain. This parameter cannot be NULL. - - pem_cert_chain_size is the size of the associated buffer. */ + - pem_roots_cert is the NULL-terminated string containing the PEM encoding of + the client root certificates. This parameter may be NULL if the server does + not want the client to be authenticated with SSL. + - pem_key_cert_pairs is an array private key / certificate chains of the + server. This parameter cannot be NULL. + - num_key_cert_pairs indicates the number of items in the private_key_files + and cert_chain_files parameters. It should be at least 1. */ grpc_server_credentials *grpc_ssl_server_credentials_create( - const unsigned char *pem_root_certs, size_t pem_root_certs_size, - const unsigned char *pem_private_key, size_t pem_private_key_size, - const unsigned char *pem_cert_chain, size_t pem_cert_chain_size); + const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, + size_t num_key_cert_pairs); /* Creates a fake server transport security credentials object for testing. */ grpc_server_credentials *grpc_fake_transport_security_server_credentials_create( diff --git a/src/core/security/credentials.c b/src/core/security/credentials.c index 006d863e27..628963e46c 100644 --- a/src/core/security/credentials.c +++ b/src/core/security/credentials.c @@ -139,7 +139,7 @@ typedef struct { typedef struct { grpc_server_credentials base; - grpc_ssl_config config; + grpc_ssl_server_config config; } grpc_ssl_server_credentials; static void ssl_destroy(grpc_credentials *creds) { @@ -152,9 +152,24 @@ static void ssl_destroy(grpc_credentials *creds) { static void ssl_server_destroy(grpc_server_credentials *creds) { grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *)creds; + size_t i; + for (i = 0; i < c->config.num_key_cert_pairs; i++) { + if (c->config.pem_private_keys[i] != NULL) { + gpr_free(c->config.pem_private_keys[i]); + } + if (c->config.pem_cert_chains[i]!= NULL) { + gpr_free(c->config.pem_cert_chains[i]); + } + } + if (c->config.pem_private_keys != NULL) gpr_free(c->config.pem_private_keys); + if (c->config.pem_private_keys_sizes != NULL) { + gpr_free(c->config.pem_private_keys_sizes); + } + if (c->config.pem_cert_chains != NULL) gpr_free(c->config.pem_cert_chains); + if (c->config.pem_cert_chains_sizes != NULL) { + gpr_free(c->config.pem_cert_chains_sizes); + } if (c->config.pem_root_certs != NULL) gpr_free(c->config.pem_root_certs); - if (c->config.pem_private_key != NULL) gpr_free(c->config.pem_private_key); - if (c->config.pem_cert_chain != NULL) gpr_free(c->config.pem_cert_chain); gpr_free(creds); } @@ -179,7 +194,7 @@ const grpc_ssl_config *grpc_ssl_credentials_get_config( } } -const grpc_ssl_config *grpc_ssl_server_credentials_get_config( +const grpc_ssl_server_config *grpc_ssl_server_credentials_get_config( const grpc_server_credentials *creds) { if (creds == NULL || strcmp(creds->type, GRPC_CREDENTIALS_TYPE_SSL)) { return NULL; @@ -189,57 +204,89 @@ const grpc_ssl_config *grpc_ssl_server_credentials_get_config( } } -static void ssl_build_config(const unsigned char *pem_root_certs, - size_t pem_root_certs_size, - const unsigned char *pem_private_key, - size_t pem_private_key_size, - const unsigned char *pem_cert_chain, - size_t pem_cert_chain_size, +static void ssl_copy_key_material(const char *input, unsigned char **output, + size_t *output_size) { + *output_size = strlen(input); + *output = gpr_malloc(*output_size); + memcpy(*output, input, *output_size); +} + +static void ssl_build_config(const char *pem_root_certs, + grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, grpc_ssl_config *config) { + if (pem_root_certs == NULL) { + /* TODO(jboeuf): Get them from the environment. */ + gpr_log(GPR_ERROR, "Default SSL roots not yet implemented."); + } else { + ssl_copy_key_material(pem_root_certs, &config->pem_root_certs, + &config->pem_root_certs_size); + } + + if (pem_key_cert_pair != NULL) { + GPR_ASSERT(pem_key_cert_pair->private_key != NULL); + GPR_ASSERT(pem_key_cert_pair->cert_chain != NULL); + ssl_copy_key_material(pem_key_cert_pair->private_key, + &config->pem_private_key, + &config->pem_private_key_size); + ssl_copy_key_material(pem_key_cert_pair->cert_chain, + &config->pem_cert_chain, + &config->pem_cert_chain_size); + } +} + +static void ssl_build_server_config( + const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, + size_t num_key_cert_pairs, grpc_ssl_server_config *config) { + size_t i; if (pem_root_certs != NULL) { - config->pem_root_certs = gpr_malloc(pem_root_certs_size); - memcpy(config->pem_root_certs, pem_root_certs, pem_root_certs_size); - config->pem_root_certs_size = pem_root_certs_size; + ssl_copy_key_material(pem_root_certs, &config->pem_root_certs, + &config->pem_root_certs_size); } - if (pem_private_key != NULL) { - config->pem_private_key = gpr_malloc(pem_private_key_size); - memcpy(config->pem_private_key, pem_private_key, pem_private_key_size); - config->pem_private_key_size = pem_private_key_size; + if (num_key_cert_pairs > 0) { + GPR_ASSERT(pem_key_cert_pairs != NULL); + config->pem_private_keys = + gpr_malloc(num_key_cert_pairs * sizeof(unsigned char *)); + config->pem_cert_chains = + gpr_malloc(num_key_cert_pairs * sizeof(unsigned char *)); + config->pem_private_keys_sizes = + gpr_malloc(num_key_cert_pairs * sizeof(size_t)); + config->pem_cert_chains_sizes = + gpr_malloc(num_key_cert_pairs * sizeof(size_t)); } - if (pem_cert_chain != NULL) { - config->pem_cert_chain = gpr_malloc(pem_cert_chain_size); - memcpy(config->pem_cert_chain, pem_cert_chain, pem_cert_chain_size); - config->pem_cert_chain_size = pem_cert_chain_size; + config->num_key_cert_pairs = num_key_cert_pairs; + for (i = 0; i < num_key_cert_pairs; i++) { + GPR_ASSERT(pem_key_cert_pairs[i].private_key != NULL); + GPR_ASSERT(pem_key_cert_pairs[i].cert_chain != NULL); + ssl_copy_key_material(pem_key_cert_pairs[i].private_key, + &config->pem_private_keys[i], + &config->pem_private_keys_sizes[i]); + ssl_copy_key_material(pem_key_cert_pairs[i].cert_chain, + &config->pem_cert_chains[i], + &config->pem_cert_chains_sizes[i]); } } grpc_credentials *grpc_ssl_credentials_create( - const unsigned char *pem_root_certs, size_t pem_root_certs_size, - const unsigned char *pem_private_key, size_t pem_private_key_size, - const unsigned char *pem_cert_chain, size_t pem_cert_chain_size) { + const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair) { grpc_ssl_credentials *c = gpr_malloc(sizeof(grpc_ssl_credentials)); memset(c, 0, sizeof(grpc_ssl_credentials)); c->base.type = GRPC_CREDENTIALS_TYPE_SSL; c->base.vtable = &ssl_vtable; gpr_ref_init(&c->base.refcount, 1); - ssl_build_config(pem_root_certs, pem_root_certs_size, pem_private_key, - pem_private_key_size, pem_cert_chain, pem_cert_chain_size, - &c->config); + ssl_build_config(pem_root_certs, pem_key_cert_pair, &c->config); return &c->base; } grpc_server_credentials *grpc_ssl_server_credentials_create( - const unsigned char *pem_root_certs, size_t pem_root_certs_size, - const unsigned char *pem_private_key, size_t pem_private_key_size, - const unsigned char *pem_cert_chain, size_t pem_cert_chain_size) { + const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, + size_t num_key_cert_pairs) { grpc_ssl_server_credentials *c = gpr_malloc(sizeof(grpc_ssl_server_credentials)); memset(c, 0, sizeof(grpc_ssl_server_credentials)); c->base.type = GRPC_CREDENTIALS_TYPE_SSL; c->base.vtable = &ssl_server_vtable; - ssl_build_config(pem_root_certs, pem_root_certs_size, pem_private_key, - pem_private_key_size, pem_cert_chain, pem_cert_chain_size, - &c->config); + ssl_build_server_config(pem_root_certs, pem_key_cert_pairs, + num_key_cert_pairs, &c->config); return &c->base; } diff --git a/src/core/security/credentials.h b/src/core/security/credentials.h index 4a2532d7c4..8a9ff41e10 100644 --- a/src/core/security/credentials.h +++ b/src/core/security/credentials.h @@ -137,10 +137,17 @@ struct grpc_server_credentials { const char *type; }; -/* TODO(jboeuf): Have an ssl_server_config that can contain multiple key/cert - pairs. */ +typedef struct { + unsigned char **pem_private_keys; + size_t *pem_private_keys_sizes; + unsigned char **pem_cert_chains; + size_t *pem_cert_chains_sizes; + size_t num_key_cert_pairs; + unsigned char *pem_root_certs; + size_t pem_root_certs_size; +} grpc_ssl_server_config; -const grpc_ssl_config *grpc_ssl_server_credentials_get_config( +const grpc_ssl_server_config *grpc_ssl_server_credentials_get_config( const grpc_server_credentials *ssl_creds); #endif /* __GRPC_INTERNAL_SECURITY_CREDENTIALS_H__ */ diff --git a/src/core/security/security_context.c b/src/core/security/security_context.c index 3a70f44a0a..cce3c7fe04 100644 --- a/src/core/security/security_context.c +++ b/src/core/security/security_context.c @@ -382,7 +382,7 @@ error: } grpc_security_status grpc_ssl_server_security_context_create( - const grpc_ssl_config *config, grpc_security_context **ctx) { + const grpc_ssl_server_config *config, grpc_security_context **ctx) { size_t num_alpn_protocols = grpc_chttp2_num_alpn_versions(); const unsigned char **alpn_protocol_strings = gpr_malloc(sizeof(const char *) * num_alpn_protocols); @@ -399,8 +399,7 @@ grpc_security_status grpc_ssl_server_security_context_create( strlen(grpc_chttp2_get_alpn_version_index(i)); } - if (config == NULL || config->pem_private_key == NULL || - config->pem_cert_chain == NULL) { + if (config == NULL || config->num_key_cert_pairs == 0) { gpr_log(GPR_ERROR, "An SSL server needs a key and a cert."); goto error; } @@ -410,13 +409,13 @@ grpc_security_status grpc_ssl_server_security_context_create( gpr_ref_init(&c->base.refcount, 1); c->base.vtable = &ssl_server_vtable; result = tsi_create_ssl_server_handshaker_factory( - (const unsigned char **)&config->pem_private_key, - &config->pem_private_key_size, - (const unsigned char **)&config->pem_cert_chain, - &config->pem_cert_chain_size, 1, config->pem_root_certs, - config->pem_root_certs_size, GRPC_SSL_CIPHER_SUITES, - alpn_protocol_strings, alpn_protocol_string_lengths, num_alpn_protocols, - &c->handshaker_factory); + (const unsigned char **)config->pem_private_keys, + config->pem_private_keys_sizes, + (const unsigned char **)config->pem_cert_chains, + config->pem_cert_chains_sizes, config->num_key_cert_pairs, + config->pem_root_certs, config->pem_root_certs_size, + GRPC_SSL_CIPHER_SUITES, alpn_protocol_strings, + alpn_protocol_string_lengths, num_alpn_protocols, &c->handshaker_factory); if (result != TSI_OK) { gpr_log(GPR_ERROR, "Handshaker factory creation failed with %s.", tsi_result_to_string(result)); diff --git a/src/core/security/security_context.h b/src/core/security/security_context.h index 9ace7f1ccb..2caa2d3690 100644 --- a/src/core/security/security_context.h +++ b/src/core/security/security_context.h @@ -157,7 +157,7 @@ grpc_security_status grpc_ssl_channel_security_context_create( specific error code otherwise. */ grpc_security_status grpc_ssl_server_security_context_create( - const grpc_ssl_config *config, grpc_security_context **ctx); + const grpc_ssl_server_config *config, grpc_security_context **ctx); /* --- Creation of high level objects. --- */ diff --git a/src/cpp/client/credentials.cc b/src/cpp/client/credentials.cc index 0955fa28ae..8e3a988477 100644 --- a/src/cpp/client/credentials.cc +++ b/src/cpp/client/credentials.cc @@ -54,26 +54,12 @@ std::unique_ptr CredentialsFactory::DefaultCredentials() { // Builds SSL Credentials given SSL specific options std::unique_ptr CredentialsFactory::SslCredentials( const SslCredentialsOptions &options) { - const unsigned char *pem_root_certs = - options.pem_root_certs.empty() ? nullptr - : reinterpret_cast( - options.pem_root_certs.c_str()); - if (pem_root_certs == nullptr) { - return std::unique_ptr(); - } - const unsigned char *pem_private_key = - options.pem_private_key.empty() ? nullptr - : reinterpret_cast( - options.pem_private_key.c_str()); - const unsigned char *pem_cert_chain = - options.pem_cert_chain.empty() ? nullptr - : reinterpret_cast( - options.pem_cert_chain.c_str()); + grpc_ssl_pem_key_cert_pair pem_key_cert_pair = { + options.pem_private_key.c_str(), options.pem_cert_chain.c_str()}; grpc_credentials *c_creds = grpc_ssl_credentials_create( - pem_root_certs, options.pem_root_certs.size(), pem_private_key, - options.pem_private_key.size(), pem_cert_chain, - options.pem_cert_chain.size()); + options.pem_root_certs.empty() ? nullptr : options.pem_root_certs.c_str(), + options.pem_private_key.empty() ? nullptr : &pem_key_cert_pair); std::unique_ptr cpp_creds( c_creds == nullptr ? nullptr : new Credentials(c_creds)); return cpp_creds; diff --git a/src/cpp/server/server_credentials.cc b/src/cpp/server/server_credentials.cc index b82a2d821a..ce0271b6a0 100644 --- a/src/cpp/server/server_credentials.cc +++ b/src/cpp/server/server_credentials.cc @@ -48,23 +48,14 @@ grpc_server_credentials *ServerCredentials::GetRawCreds() { return creds_; } std::shared_ptr ServerCredentialsFactory::SslCredentials( const SslServerCredentialsOptions &options) { - const unsigned char *pem_root_certs = - options.pem_root_certs.empty() ? nullptr - : reinterpret_cast( - options.pem_root_certs.c_str()); - const unsigned char *pem_private_key = - options.pem_private_key.empty() ? nullptr - : reinterpret_cast( - options.pem_private_key.c_str()); - const unsigned char *pem_cert_chain = - options.pem_cert_chain.empty() ? nullptr - : reinterpret_cast( - options.pem_cert_chain.c_str()); - + std::vector pem_key_cert_pairs; + for (const auto &key_cert_pair : options.pem_key_cert_pairs) { + pem_key_cert_pairs.push_back( + {key_cert_pair.private_key.c_str(), key_cert_pair.cert_chain.c_str()}); + } grpc_server_credentials *c_creds = grpc_ssl_server_credentials_create( - pem_root_certs, options.pem_root_certs.size(), pem_private_key, - options.pem_private_key.size(), pem_cert_chain, - options.pem_cert_chain.size()); + options.pem_root_certs.empty() ? nullptr : options.pem_root_certs.c_str(), + &pem_key_cert_pairs[0], pem_key_cert_pairs.size()); return std::shared_ptr(new ServerCredentials(c_creds)); } diff --git a/src/php/ext/grpc/credentials.c b/src/php/ext/grpc/credentials.c index 2a83d1cbc1..c63196bf90 100644 --- a/src/php/ext/grpc/credentials.c +++ b/src/php/ext/grpc/credentials.c @@ -77,24 +77,23 @@ PHP_METHOD(Credentials, createDefault) { */ PHP_METHOD(Credentials, createSsl) { char *pem_root_certs; - char *pem_private_key = NULL; - char *pem_cert_chain = NULL; + grpc_ssl_pem_key_cert_pair pem_key_cert_pair; int root_certs_length, private_key_length = 0, cert_chain_length = 0; /* "s|s!s! == 1 string, 2 optional nullable strings */ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|s!s!", &pem_root_certs, &root_certs_length, - &pem_private_key, &private_key_length, - &pem_cert_chain, &cert_chain_length) == FAILURE) { + &pem_key_cert_pair.private_key, &private_key_length, + &pem_key_cert_pair.cert_chain, + &cert_chain_length) == FAILURE) { zend_throw_exception(spl_ce_InvalidArgumentException, "createSsl expects 1 to 3 strings", 1 TSRMLS_CC); return; } grpc_credentials *creds = grpc_ssl_credentials_create( - (unsigned char *)pem_root_certs, (size_t)root_certs_length, - (unsigned char *)pem_private_key, (size_t)private_key_length, - (unsigned char *)pem_cert_chain, (size_t)cert_chain_length); + pem_root_certs, + pem_key_cert_pair.private_key == NULL ? NULL : &pem_key_cert_pair); zval *creds_object = grpc_php_wrap_credentials(creds); RETURN_DESTROY_ZVAL(creds_object); } diff --git a/src/php/ext/grpc/server_credentials.c b/src/php/ext/grpc/server_credentials.c index 1f8e58aa4d..3d43d6a78c 100644 --- a/src/php/ext/grpc/server_credentials.c +++ b/src/php/ext/grpc/server_credentials.c @@ -66,24 +66,22 @@ zval *grpc_php_wrap_server_credentials(grpc_server_credentials *wrapped) { */ PHP_METHOD(ServerCredentials, createSsl) { char *pem_root_certs = 0; - char *pem_private_key; - char *pem_cert_chain; + grpc_ssl_pem_key_cert_pair pem_key_cert_pair; int root_certs_length = 0, private_key_length, cert_chain_length; /* "s!ss" == 1 nullable string, 2 strings */ + /* TODO: support multiple key cert pairs. */ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s!ss", &pem_root_certs, - &root_certs_length, &pem_private_key, - &private_key_length, &pem_cert_chain, + &root_certs_length, &pem_key_cert_pair.private_key, + &private_key_length, &pem_key_cert_pair.cert_chain, &cert_chain_length) == FAILURE) { zend_throw_exception(spl_ce_InvalidArgumentException, "createSsl expects 3 strings", 1 TSRMLS_CC); return; } - grpc_server_credentials *creds = grpc_ssl_server_credentials_create( - (unsigned char *)pem_root_certs, (size_t)root_certs_length, - (unsigned char *)pem_private_key, (size_t)private_key_length, - (unsigned char *)pem_cert_chain, (size_t)cert_chain_length); + grpc_server_credentials *creds = + grpc_ssl_server_credentials_create(pem_root_certs, &pem_key_cert_pair, 1); zval *creds_object = grpc_php_wrap_server_credentials(creds); RETURN_DESTROY_ZVAL(creds_object); } diff --git a/test/core/end2end/data/prod_roots_certs.c b/test/core/end2end/data/prod_roots_certs.c index 21a199ce37..3b66d236c3 100644 --- a/test/core/end2end/data/prod_roots_certs.c +++ b/test/core/end2end/data/prod_roots_certs.c @@ -31,7 +31,7 @@ * */ -unsigned char prod_roots_certs[] = { +const char prod_roots_certs[] = { 0x23, 0x20, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x3a, 0x20, 0x43, 0x4e, 0x3d, 0x47, 0x54, 0x45, 0x20, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x20, 0x52, @@ -11270,5 +11270,4 @@ unsigned char prod_roots_certs[] = { 0x33, 0x50, 0x59, 0x74, 0x6c, 0x4e, 0x58, 0x4c, 0x66, 0x62, 0x51, 0x34, 0x64, 0x64, 0x49, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, - 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a}; -unsigned int prod_roots_certs_size = 134862; + 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x00}; diff --git a/test/core/end2end/data/server1_cert.c b/test/core/end2end/data/server1_cert.c index da1d36653c..134b9cb98e 100644 --- a/test/core/end2end/data/server1_cert.c +++ b/test/core/end2end/data/server1_cert.c @@ -31,7 +31,7 @@ * */ -unsigned char test_server1_cert[] = { +const char test_server1_cert[] = { 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x43, 0x6d, 0x7a, 0x43, 0x43, @@ -112,5 +112,4 @@ unsigned char test_server1_cert[] = { 0x32, 0x77, 0x65, 0x2f, 0x4b, 0x44, 0x34, 0x6f, 0x6a, 0x66, 0x39, 0x73, 0x3d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, - 0x2d, 0x2d, 0x2d, 0x0a}; -unsigned int test_server1_cert_size = 964; + 0x2d, 0x2d, 0x2d, 0x0a, 0x00}; diff --git a/test/core/end2end/data/server1_key.c b/test/core/end2end/data/server1_key.c index 3540505467..992d3c032a 100644 --- a/test/core/end2end/data/server1_key.c +++ b/test/core/end2end/data/server1_key.c @@ -31,7 +31,7 @@ * */ -unsigned char test_server1_key[] = { +const char test_server1_key[] = { 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x52, 0x53, 0x41, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x43, @@ -105,5 +105,4 @@ unsigned char test_server1_key[] = { 0x6e, 0x68, 0x66, 0x66, 0x46, 0x79, 0x65, 0x37, 0x53, 0x42, 0x58, 0x79, 0x61, 0x67, 0x3d, 0x3d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x52, 0x53, 0x41, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, - 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a}; -unsigned int test_server1_key_size = 887; + 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x00}; diff --git a/test/core/end2end/data/ssl_test_data.h b/test/core/end2end/data/ssl_test_data.h index 6ac19945b2..3456ebebd4 100644 --- a/test/core/end2end/data/ssl_test_data.h +++ b/test/core/end2end/data/ssl_test_data.h @@ -34,14 +34,10 @@ #ifndef __GRPC_TEST_END2END_DATA_SSL_TEST_DATA_H__ #define __GRPC_TEST_END2END_DATA_SSL_TEST_DATA_H__ -extern unsigned char test_root_cert[]; -extern unsigned int test_root_cert_size; -extern unsigned char test_server1_cert[]; -extern unsigned int test_server1_cert_size; -extern unsigned char test_server1_key[]; -extern unsigned int test_server1_key_size; +extern const char test_root_cert[]; +extern const char test_server1_cert[]; +extern const char test_server1_key[]; -extern unsigned char prod_roots_certs[]; -extern unsigned int prod_roots_certs_size; +extern const char prod_roots_certs[]; #endif /* __GRPC_TEST_END2END_DATA_SSL_TEST_DATA_H__ */ diff --git a/test/core/end2end/data/test_root_cert.c b/test/core/end2end/data/test_root_cert.c index fd01953ccb..f358b0b79a 100644 --- a/test/core/end2end/data/test_root_cert.c +++ b/test/core/end2end/data/test_root_cert.c @@ -31,7 +31,7 @@ * */ -unsigned char test_root_cert[] = { +const char test_root_cert[] = { 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x43, 0x49, 0x7a, 0x43, 0x43, @@ -98,5 +98,4 @@ unsigned char test_root_cert[] = { 0x31, 0x59, 0x75, 0x58, 0x32, 0x72, 0x6e, 0x65, 0x78, 0x30, 0x4a, 0x68, 0x75, 0x54, 0x51, 0x66, 0x63, 0x49, 0x3d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, - 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a}; -unsigned int test_root_cert_size = 802; + 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x00}; diff --git a/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c b/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c index 7718d30b3e..e5cdec8ea7 100644 --- a/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c +++ b/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c @@ -98,8 +98,8 @@ void chttp2_tear_down_secure_fullstack(grpc_end2end_test_fixture *f) { static void chttp2_init_client_simple_ssl_secure_fullstack( grpc_end2end_test_fixture *f, grpc_channel_args *client_args) { - grpc_credentials *ssl_creds = grpc_ssl_credentials_create( - test_root_cert, test_root_cert_size, NULL, 0, NULL, 0); + grpc_credentials *ssl_creds = + grpc_ssl_credentials_create(test_root_cert, NULL); grpc_arg ssl_name_override = {GRPC_ARG_STRING, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG, {"foo.test.google.com"}}; @@ -111,9 +111,10 @@ static void chttp2_init_client_simple_ssl_secure_fullstack( static void chttp2_init_server_simple_ssl_secure_fullstack( grpc_end2end_test_fixture *f, grpc_channel_args *server_args) { - grpc_server_credentials *ssl_creds = grpc_ssl_server_credentials_create( - NULL, 0, test_server1_key, test_server1_key_size, test_server1_cert, - test_server1_cert_size); + grpc_ssl_pem_key_cert_pair pem_cert_key_pair = {test_server1_key, + test_server1_cert}; + grpc_server_credentials *ssl_creds = + grpc_ssl_server_credentials_create(NULL, &pem_cert_key_pair, 1); chttp2_init_server_secure_fullstack(f, server_args, ssl_creds); } diff --git a/test/core/end2end/fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c b/test/core/end2end/fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c index bb8af88c54..8bfa465696 100644 --- a/test/core/end2end/fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c +++ b/test/core/end2end/fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c @@ -99,8 +99,7 @@ void chttp2_tear_down_secure_fullstack(grpc_end2end_test_fixture *f) { static void chttp2_init_client_simple_ssl_with_oauth2_secure_fullstack( grpc_end2end_test_fixture *f, grpc_channel_args *client_args) { - grpc_credentials *ssl_creds = grpc_ssl_credentials_create( - test_root_cert, test_root_cert_size, NULL, 0, NULL, 0); + grpc_credentials *ssl_creds = grpc_ssl_credentials_create(test_root_cert, NULL); grpc_credentials *oauth2_creds = grpc_fake_oauth2_credentials_create("Bearer aaslkfjs424535asdf", 1); grpc_credentials *ssl_oauth2_creds = @@ -118,9 +117,10 @@ static void chttp2_init_client_simple_ssl_with_oauth2_secure_fullstack( static void chttp2_init_server_simple_ssl_secure_fullstack( grpc_end2end_test_fixture *f, grpc_channel_args *server_args) { - grpc_server_credentials *ssl_creds = grpc_ssl_server_credentials_create( - NULL, 0, test_server1_key, test_server1_key_size, test_server1_cert, - test_server1_cert_size); + grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {test_server1_key, + test_server1_cert}; + grpc_server_credentials *ssl_creds = + grpc_ssl_server_credentials_create(NULL, &pem_key_cert_pair, 1); chttp2_init_server_secure_fullstack(f, server_args, ssl_creds); } diff --git a/test/core/fling/server.c b/test/core/fling/server.c index d68fbe7c3c..f811aac284 100644 --- a/test/core/fling/server.c +++ b/test/core/fling/server.c @@ -101,9 +101,10 @@ int main(int argc, char **argv) { cq = grpc_completion_queue_create(); if (secure) { - grpc_server_credentials *ssl_creds = grpc_ssl_server_credentials_create( - NULL, 0, test_server1_key, test_server1_key_size, test_server1_cert, - test_server1_cert_size); + grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {test_server1_key, + test_server1_cert}; + grpc_server_credentials *ssl_creds = + grpc_ssl_server_credentials_create(NULL, &pem_key_cert_pair, 1); server = grpc_secure_server_create(ssl_creds, cq, NULL); GPR_ASSERT(grpc_server_add_secure_http2_port(server, addr)); grpc_server_credentials_release(ssl_creds); diff --git a/test/core/security/credentials_test.c b/test/core/security/credentials_test.c index 619f09308e..9c60f4c233 100644 --- a/test/core/security/credentials_test.c +++ b/test/core/security/credentials_test.c @@ -48,7 +48,7 @@ static const char test_iam_authorization_token[] = "blahblahblhahb"; static const char test_iam_authority_selector[] = "respectmyauthoritah"; static const char test_oauth2_bearer_token[] = "Bearer blaaslkdjfaslkdfasdsfasf"; -static const unsigned char test_root_cert[] = {0xDE, 0xAD, 0xBE, 0xEF}; +static const char test_root_cert[] = "I am the root!"; /* This JSON key was generated with the GCE console and revoked immediately. The identifiers have been changed as well. @@ -275,8 +275,8 @@ static void check_ssl_oauth2_composite_metadata( } static void test_ssl_oauth2_composite_creds(void) { - grpc_credentials *ssl_creds = grpc_ssl_credentials_create( - test_root_cert, sizeof(test_root_cert), NULL, 0, NULL, 0); + grpc_credentials *ssl_creds = + grpc_ssl_credentials_create(test_root_cert, NULL); const grpc_credentials_array *creds_array; grpc_credentials *oauth2_creds = grpc_fake_oauth2_credentials_create(test_oauth2_bearer_token, 0); @@ -312,8 +312,8 @@ static void check_ssl_oauth2_iam_composite_metadata( } static void test_ssl_oauth2_iam_composite_creds(void) { - grpc_credentials *ssl_creds = grpc_ssl_credentials_create( - test_root_cert, sizeof(test_root_cert), NULL, 0, NULL, 0); + grpc_credentials *ssl_creds = + grpc_ssl_credentials_create(test_root_cert, NULL); const grpc_credentials_array *creds_array; grpc_credentials *oauth2_creds = grpc_fake_oauth2_credentials_create(test_oauth2_bearer_token, 0); diff --git a/test/cpp/client/credentials_test.cc b/test/cpp/client/credentials_test.cc index ea088b87bd..174d2187b0 100644 --- a/test/cpp/client/credentials_test.cc +++ b/test/cpp/client/credentials_test.cc @@ -45,15 +45,6 @@ class CredentialsTest : public ::testing::Test { protected: }; -TEST_F(CredentialsTest, InvalidSslCreds) { - std::unique_ptr bad1 = - CredentialsFactory::SslCredentials({"", "", ""}); - EXPECT_EQ(nullptr, bad1.get()); - std::unique_ptr bad2 = - CredentialsFactory::SslCredentials({"", "bla", "bla"}); - EXPECT_EQ(nullptr, bad2.get()); -} - TEST_F(CredentialsTest, InvalidServiceAccountCreds) { std::unique_ptr bad1 = CredentialsFactory::ServiceAccountCredentials("", "", diff --git a/test/cpp/interop/server.cc b/test/cpp/interop/server.cc index 561b134c27..5b5c35416c 100644 --- a/test/cpp/interop/server.cc +++ b/test/cpp/interop/server.cc @@ -203,11 +203,7 @@ void RunServer() { builder.RegisterService(service.service()); if (FLAGS_enable_ssl) { SslServerCredentialsOptions ssl_opts = { - "", - {reinterpret_cast(test_server1_key), - test_server1_key_size}, - {reinterpret_cast(test_server1_cert), - test_server1_cert_size}}; + "", {{test_server1_key, test_server1_cert}}}; std::shared_ptr creds = ServerCredentialsFactory::SslCredentials(ssl_opts); builder.SetCredentials(creds); diff --git a/test/cpp/util/create_test_channel.cc b/test/cpp/util/create_test_channel.cc index f0d35d98c2..68f6244a53 100644 --- a/test/cpp/util/create_test_channel.cc +++ b/test/cpp/util/create_test_channel.cc @@ -56,11 +56,8 @@ std::shared_ptr CreateTestChannel( ChannelArguments channel_args; if (enable_ssl) { const char* roots_certs = - use_prod_roots ? reinterpret_cast(prod_roots_certs) - : reinterpret_cast(test_root_cert); - unsigned int roots_certs_size = - use_prod_roots ? prod_roots_certs_size : test_root_cert_size; - SslCredentialsOptions ssl_opts = {{roots_certs, roots_certs_size}, "", ""}; + use_prod_roots ? prod_roots_certs : test_root_cert; + SslCredentialsOptions ssl_opts = {roots_certs, "", ""}; std::unique_ptr creds = CredentialsFactory::SslCredentials(ssl_opts); -- cgit v1.2.3 From 68ad53edf3956dbd8b39c4eae2b4c3c9b00d1cfe Mon Sep 17 00:00:00 2001 From: Julien Boeuf Date: Tue, 20 Jan 2015 22:37:03 -0800 Subject: Fixing indent. --- include/grpc/grpc_security.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h index 440aa9b563..0732a8f83a 100644 --- a/include/grpc/grpc_security.h +++ b/include/grpc/grpc_security.h @@ -60,8 +60,8 @@ typedef struct { the client's private key. */ const char *private_key; - /* cert_chain is the NULL-terminated string containing the PEM encoding of - the client's certificate chain. */ + /* cert_chain is the NULL-terminated string containing the PEM encoding of + the client's certificate chain. */ const char *cert_chain; } grpc_ssl_pem_key_cert_pair; -- cgit v1.2.3 From 073d7b6cd9963378f69a087d935d4157b3068a4b Mon Sep 17 00:00:00 2001 From: Julien Boeuf Date: Wed, 21 Jan 2015 11:13:43 -0800 Subject: Fixing node and ruby builds. --- src/node/binding.gyp | 3 --- src/node/credentials.cc | 24 ++++++++++-------------- src/node/server_credentials.cc | 18 ++++++------------ src/ruby/ext/grpc/extconf.rb | 2 +- src/ruby/ext/grpc/rb_credentials.c | 19 +++++-------------- src/ruby/ext/grpc/rb_server_credentials.c | 14 +++++++------- 6 files changed, 29 insertions(+), 51 deletions(-) diff --git a/src/node/binding.gyp b/src/node/binding.gyp index 4a1fd7aaf0..da4a943491 100644 --- a/src/node/binding.gyp +++ b/src/node/binding.gyp @@ -19,9 +19,6 @@ 'link_settings': { 'libraries': [ '-lgrpc', - '-levent', - '-levent_pthreads', - '-levent_core', '-lrt', '-lgpr', '-lpthread' diff --git a/src/node/credentials.cc b/src/node/credentials.cc index d58b7eda89..f9cd2fcfe0 100644 --- a/src/node/credentials.cc +++ b/src/node/credentials.cc @@ -136,33 +136,29 @@ NAN_METHOD(Credentials::CreateDefault) { NAN_METHOD(Credentials::CreateSsl) { NanScope(); - char *root_certs; - char *private_key = NULL; - char *cert_chain = NULL; - int root_certs_length, private_key_length = 0, cert_chain_length = 0; - if (!Buffer::HasInstance(args[0])) { + char *root_certs = NULL; + grpc_ssl_pem_key_cert_pair key_cert_pair = {NULL, NULL}; + if (Buffer::HasInstance(args[0])) { + root_certs = Buffer::Data(args[0]); + } else if (!(args[0]->IsNull() || args[0]->IsUndefined())) { return NanThrowTypeError("createSsl's first argument must be a Buffer"); } - root_certs = Buffer::Data(args[0]); - root_certs_length = Buffer::Length(args[0]); if (Buffer::HasInstance(args[1])) { - private_key = Buffer::Data(args[1]); - private_key_length = Buffer::Length(args[1]); + key_cert_pair.private_key = Buffer::Data(args[1]); } else if (!(args[1]->IsNull() || args[1]->IsUndefined())) { return NanThrowTypeError( "createSSl's second argument must be a Buffer if provided"); } if (Buffer::HasInstance(args[2])) { - cert_chain = Buffer::Data(args[2]); - cert_chain_length = Buffer::Length(args[2]); + key_cert_pair.cert_chain = Buffer::Data(args[2]); } else if (!(args[2]->IsNull() || args[2]->IsUndefined())) { return NanThrowTypeError( "createSSl's third argument must be a Buffer if provided"); } + NanReturnValue(WrapStruct(grpc_ssl_credentials_create( - reinterpret_cast(root_certs), root_certs_length, - reinterpret_cast(private_key), private_key_length, - reinterpret_cast(cert_chain), cert_chain_length))); + root_certs, + key_cert_pair.private_key == NULL ? NULL : &key_cert_pair))); } NAN_METHOD(Credentials::CreateComposite) { diff --git a/src/node/server_credentials.cc b/src/node/server_credentials.cc index 38df547527..393f3a6305 100644 --- a/src/node/server_credentials.cc +++ b/src/node/server_credentials.cc @@ -123,14 +123,12 @@ NAN_METHOD(ServerCredentials::New) { } NAN_METHOD(ServerCredentials::CreateSsl) { + // TODO: have the node API support multiple key/cert pairs. NanScope(); char *root_certs = NULL; - char *private_key; - char *cert_chain; - int root_certs_length = 0, private_key_length, cert_chain_length; + grpc_ssl_pem_key_cert_pair key_cert_pair; if (Buffer::HasInstance(args[0])) { root_certs = Buffer::Data(args[0]); - root_certs_length = Buffer::Length(args[0]); } else if (!(args[0]->IsNull() || args[0]->IsUndefined())) { return NanThrowTypeError( "createSSl's first argument must be a Buffer if provided"); @@ -138,17 +136,13 @@ NAN_METHOD(ServerCredentials::CreateSsl) { if (!Buffer::HasInstance(args[1])) { return NanThrowTypeError("createSsl's second argument must be a Buffer"); } - private_key = Buffer::Data(args[1]); - private_key_length = Buffer::Length(args[1]); + key_cert_pair.private_key = Buffer::Data(args[1]); if (!Buffer::HasInstance(args[2])) { return NanThrowTypeError("createSsl's third argument must be a Buffer"); } - cert_chain = Buffer::Data(args[2]); - cert_chain_length = Buffer::Length(args[2]); - NanReturnValue(WrapStruct(grpc_ssl_server_credentials_create( - reinterpret_cast(root_certs), root_certs_length, - reinterpret_cast(private_key), private_key_length, - reinterpret_cast(cert_chain), cert_chain_length))); + key_cert_pair.cert_chain = Buffer::Data(args[2]); + NanReturnValue(WrapStruct( + grpc_ssl_server_credentials_create(root_certs, &key_cert_pair, 1))); } NAN_METHOD(ServerCredentials::CreateFake) { diff --git a/src/ruby/ext/grpc/extconf.rb b/src/ruby/ext/grpc/extconf.rb index e948504e9e..a6dbbf3aca 100644 --- a/src/ruby/ext/grpc/extconf.rb +++ b/src/ruby/ext/grpc/extconf.rb @@ -68,7 +68,7 @@ $CFLAGS << ' -Wno-return-type ' $CFLAGS << ' -Wall ' $CFLAGS << ' -pedantic ' -$LDFLAGS << ' -lgrpc -lgpr -levent -levent_pthreads -levent_core' +$LDFLAGS << ' -lgrpc -lgpr' # crash('need grpc lib') unless have_library('grpc', 'grpc_channel_destroy') # diff --git a/src/ruby/ext/grpc/rb_credentials.c b/src/ruby/ext/grpc/rb_credentials.c index 5dec51824d..31f47f3b76 100644 --- a/src/ruby/ext/grpc/rb_credentials.c +++ b/src/ruby/ext/grpc/rb_credentials.c @@ -214,6 +214,7 @@ static VALUE grpc_rb_credentials_init(int argc, VALUE *argv, VALUE self) { VALUE pem_cert_chain = Qnil; grpc_rb_credentials *wrapper = NULL; grpc_credentials *creds = NULL; + /* TODO: Remove mandatory arg when we support default roots. */ /* "12" == 1 mandatory arg, 2 (credentials) is optional */ rb_scan_args(argc, argv, "12", &pem_root_certs, &pem_private_key, &pem_cert_chain); @@ -225,22 +226,12 @@ static VALUE grpc_rb_credentials_init(int argc, VALUE *argv, VALUE self) { return Qnil; } if (pem_private_key == Qnil && pem_cert_chain == Qnil) { - creds = grpc_ssl_credentials_create(RSTRING_PTR(pem_root_certs), - RSTRING_LEN(pem_root_certs), NULL, 0, - NULL, 0); - } else if (pem_cert_chain == Qnil) { - creds = grpc_ssl_credentials_create( - RSTRING_PTR(pem_root_certs), RSTRING_LEN(pem_root_certs), - RSTRING_PTR(pem_private_key), RSTRING_LEN(pem_private_key), - RSTRING_PTR(pem_cert_chain), RSTRING_LEN(pem_cert_chain)); - } else if (pem_private_key == Qnil) { - creds = grpc_ssl_credentials_create( - RSTRING_PTR(pem_root_certs), RSTRING_LEN(pem_root_certs), NULL, 0, - RSTRING_PTR(pem_cert_chain), RSTRING_LEN(pem_cert_chain)); + creds = grpc_ssl_credentials_create(RSTRING_PTR(pem_root_certs), NULL); } else { + grpc_ssl_pem_key_cert_pair key_cert_pair = {RSTRING_PTR(pem_private_key), + RSTRING_PTR(pem_cert_chain)}; creds = grpc_ssl_credentials_create( - RSTRING_PTR(pem_root_certs), RSTRING_LEN(pem_root_certs), - RSTRING_PTR(pem_private_key), RSTRING_LEN(pem_private_key), NULL, 0); + RSTRING_PTR(pem_root_certs), &key_cert_pair); } if (creds == NULL) { rb_raise(rb_eRuntimeError, "could not create a credentials, not sure why"); diff --git a/src/ruby/ext/grpc/rb_server_credentials.c b/src/ruby/ext/grpc/rb_server_credentials.c index e534c11444..4f6c67ea5e 100644 --- a/src/ruby/ext/grpc/rb_server_credentials.c +++ b/src/ruby/ext/grpc/rb_server_credentials.c @@ -145,8 +145,10 @@ static ID id_pem_cert_chain; static VALUE grpc_rb_server_credentials_init(VALUE self, VALUE pem_root_certs, VALUE pem_private_key, VALUE pem_cert_chain) { + /* TODO support multiple key cert pairs in the ruby API. */ grpc_rb_server_credentials *wrapper = NULL; grpc_server_credentials *creds = NULL; + grpc_ssl_pem_key_cert_pair key_cert_pair = {NULL, NULL}; Data_Get_Struct(self, grpc_rb_server_credentials, wrapper); if (pem_cert_chain == Qnil) { rb_raise(rb_eRuntimeError, @@ -157,15 +159,13 @@ static VALUE grpc_rb_server_credentials_init(VALUE self, VALUE pem_root_certs, "could not create a server credential: nil pem_private_key"); return Qnil; } + key_cert_pair.private_key = RSTRING_PTR(pem_private_key); + key_cert_pair.cert_chain = RSTRING_PTR(pem_cert_chain); if (pem_root_certs == Qnil) { - creds = grpc_ssl_server_credentials_create( - NULL, 0, RSTRING_PTR(pem_private_key), RSTRING_LEN(pem_private_key), - RSTRING_PTR(pem_cert_chain), RSTRING_LEN(pem_cert_chain)); + creds = grpc_ssl_server_credentials_create(NULL, &key_cert_pair, 1); } else { - creds = grpc_ssl_server_credentials_create( - RSTRING_PTR(pem_root_certs), RSTRING_LEN(pem_root_certs), - RSTRING_PTR(pem_private_key), RSTRING_LEN(pem_private_key), - RSTRING_PTR(pem_cert_chain), RSTRING_LEN(pem_cert_chain)); + creds = grpc_ssl_server_credentials_create(RSTRING_PTR(pem_root_certs), + &key_cert_pair, 1); } if (creds == NULL) { rb_raise(rb_eRuntimeError, "could not create a credentials, not sure why"); -- cgit v1.2.3